mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 09:17:52 +03:00

qemu: Implement VIR_DOMAIN_TAINT_HOOK

Currently, there's just one place where we care whether a hook script
changes the domain XML: the migration hook for incoming migration. In
all other places where a hook script is executed, we don't read the
XML back from the script.

Anyway, the hook script can alter domain XML and hence we should taint
it if the script did.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik 2014-02-04 16:42:13 +01:00
parent 287d30a816
commit 3b2c279449
3 changed files with 16 additions and 0 deletions


@ -1628,6 +1628,7 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
{
size_t i;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivatePtr priv = obj->privateData;
if (cfg->privileged &&
(!cfg->clearEmulatorCapabilities ||
@ -1635,6 +1636,9 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
cfg->group == 0))
qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
if (priv->hookRun)
qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HOOK, logFD);
if (obj->def->namespaceData) {
qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData;
if (qemucmd->num_args || qemucmd->num_env)
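Review bot: `priv->hookRun` is read at `if (priv->hookRun)` but nothing in this commit ever clears it: the change is 16 additions and no deletions, and the only writer, in the qemuMigrationPrepareAny section, only ever sets it to true. If the private data outlives one run of the domain (not visible on this page), a later start whose XML no hook touched would still be marked VIR_DOMAIN_TAINT_HOOK, which weakens the taint as an audit signal. Assigning unconditionally in the migration path, `priv->hookRun = taint_hook;`, or resetting the flag wherever the other per-run state is cleared, would keep the taint tied to the run it describes. The body of qemuDomainObjCheckTaint continues outside the hunk.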


@ -174,6 +174,8 @@ struct _qemuDomainObjPrivate {
virCond unplugFinished; /* signals that unpluggingDevice was unplugged */
const char *unpluggingDevice; /* alias of the device that is being unplugged */
char **qemuDevices; /* NULL-terminated list of devices aliases known to QEMU */
bool hookRun; /* true if there was a hook run over this domain */
};
typedef enum {
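Review bot: The field comment `/* true if there was a hook run over this domain */` is broader than what the flag records. Per the commit message and the only writer in this commit, it is set when the incoming-migration hook's output replaced the domain definition; other hooks run without setting it. Something like `bool hookRun; /* true if a hook script altered the domain XML (today: incoming migration only) */` would stop a reader of the taint from assuming it covers every hook invocation. The struct begins outside the hunk.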


@ -2230,6 +2230,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
virCapsPtr caps = NULL;
char *migrateFrom = NULL;
bool abort_on_error = !!(flags & VIR_MIGRATE_ABORT_ON_ERROR);
bool taint_hook = false;
if (virTimeMillisNow(&now) < 0)
return -1;
@ -2300,6 +2301,10 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
virDomainDefFree(*def);
*def = newdef;
/* We should taint the domain here. However, @vm and therefore
* privateData too are still NULL, so just notice the fact and
* taint it later. */
taint_hook = true;
}
}
}
@ -2385,6 +2390,11 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
if (VIR_STRDUP(priv->origname, origname) < 0)
goto cleanup;
if (taint_hook) {
/* Domain XML has been altered by a hook script. */
priv->hookRun = true;
}
if (!(mig = qemuMigrationEatCookie(driver, vm, cookiein, cookieinlen,
QEMU_MIGRATION_COOKIE_LOCKSTATE |
QEMU_MIGRATION_COOKIE_NBD)))